DETAILED ACTION

Claims 1 - 12, 14 - 22, 24 - 29 are pending.

All objections and rejections not set forth below have been withdrawn.

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 8/15/07 has been entered.

Specification

The amendment filed 8/15/07 is objected to under 35 U.S.C. 132(a) because it introduces new matter into the disclosure. 35 U.S.C. 132(a) states that no amendment shall introduce new matter into the disclosure of the invention. The added material which is not supported by the original disclosure is as follows: Applicant adds the following matter to paragraph 8 of the specification: Typically, the server computer only needs to examine the portions of the HTTP request that may contain data derived from outside input (and thus does not need to examine portions of the HTTP request containing data not derived from outside input).

Applicant is required to cancel the new matter in the reply to this Office Action.

The specification is objected to as failing to provide proper antecedent basis for the claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.01(o). Correction of the following is required:

Amendments to claims 1 - 12, 14 - 22, 24 - 29 add new recitations substantially comprising: "the request includes ... a first portion of data, and a second portion of data, all of the second portion of data being derived from an outside source ... examining only the second portion of data of the request", "wherein evaluating the HTTP request includes examining only the user input data", "wherein evaluating the HTTP request includes examining only the user input portion of the HTTP request". These recitations are not found by the examiner nor shown by the applicant to be supported within the applicant's original disclosure.

Drawings

The drawings are objected to under 37 CFR 1.83(a). The drawings must show every feature of the invention specified in the claims. Therefore, the features of the newly amended claims such as "the request includes ... a first portion of data, and a second portion of data, all of the second portion of data being derived from an outside source ... examining only the second portion of data of the request", "wherein evaluating the HTTP request includes examining only the user input data", "wherein evaluating the HTTP request includes examining only the user input portion of the HTTP request" must be shown or the feature(s) canceled from the claim(s). The examiner notes that while the applicant has originally shown the features of an HTTP request, receiving an HTTP request, and examining the HTTP request, the newly added recitations such as the above are found lacking within the applicant's drawings. No new matter should be entered.

Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as "amended." If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either "Replacement Sheet" or "New Sheet" pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Claim Objections

Claims 4, 11, and 21 are objected to under 37 CFR 1.75(c), as being of improper dependent form for failing to further limit the subject matter of a previous claim. Applicant is required to cancel the claim(s), or amend the claim(s) to place the claim(s) in proper dependent form, or rewrite the claim(s) in independent form. Regarding these claims, each of their respective parent claims already recites what is essentially examining input data for a script construct or for data derived from an outside source.

Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows:

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 18-22, 24, and 25 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.

Regarding these claims, the applicant recites a computer program product. The applicant reveals that this computer program product comprises instructions embodied on carrier signals (see for example paragraph 35 of Specification). As instructions upon signals fail to fall within one of the statutory categories of invention, these claims are rejected as not statutory.

Claim Rejections - 35 USC § 112

The following is a quotation of the first paragraph of 35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1 - 12, 14 - 22, 24 - 29 are rejected under 35 U.S.C. 112, first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor(s), at the time the application was filed, had possession of the claimed invention. Applicant has not pointed out where the new (or amended) claim is supported, nor does there appear to be a written description of the claim limitations in the application as filed (see above objection to the specification).

The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1 - 12, 14 - 22, 24 - 29 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.

Specifically, claims 1, 8, and 18, each comprise the recitation (or essentially similar), "wherein determining . . . includes examining only the The examiner notes that these recitations render the scope of the claimed invention unclear.

Namely, while one interpretation of the claim language (for example, claim 18) may suggest that the act of examining an HTTP request comprises only the examination of user input, the examiner notes that the applicant clearly appears to suggest otherwise within the claim language. First, the applicant recites the open and non-limiting language of "includes" with respect to the act of examining an HTTP request. Second, a plurality of depending claims reveal that an act of examining an HTTP request also broadly includes examining the HTTP request - so as to find characters within the HTTP request, events within the request, server variables within the request, and expressions within the request. Finally, the applicant's original disclosure and drawings indicate that essentially a complete HTTP request (for example, see fig. 3), as received from a user, is examined for features that indicate cross-site scripting.

Furthermore claims 8 - 12, 14 - 17, 18 - 22, 24, 25, 28, and 29 inconsistently recite throughout: "input from the user computer", "the user input data", "the user input data of the user input portion", "the input data", "all user input data that was not generated by the server computer", "the user input portion", and "the user input" thus rendering the scope of these claims indeterminate. It is unclear from within this plurality of claims if the applicant intends for the various recitations regarding input to be interpreted as the same or different sets of data by virtue of their distinct recitations. For the purpose of examination, the examiner will presume the applicant to mean "the input".

Depending claims are rejected by virtue of dependency.

Application/Control Number: 10/600,683
Art Unit: 2137

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1 - 12, 14 - 22, 24 - 29 are rejected under 35 U.S.C. 103(a) as being unpatentable over CERT CC, "CERT Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests" (CERT-Advisory) in view of CERT CC, "Understanding Malicious Content Mitigation for Web Developers" (CERT) in view of Wheeler, Secure Programming for Linux and Unix HOWTO in view of Sanin, "Web Service Security Filter", U.S. Patent Publication 2004/0073811.

Regarding claim 1, CERT-Advisory discloses:

receiving a request from a user computer, wherein the request includes a first portion of data, and a second portion of data, all of the second portion of data being derived from an outside source (CERT-Advisory, page 1, Systems Affected, Overview; page 2, pars. 2-4 - herein the prior art discloses the origin of an HTTP request is outside from the server).

CERT-Advisory discloses, in general, that the Server site attempts to prevent the site from being abused or attacked by malicious data ("a marker of active content") within the request (CERT-Advisory, page 5, Solutions for Web Page Developers and Web Site Administrators). CERT-Advisory does not explicitly say determining if the request from the user computer includes a marker of active content identified in a list of active markers, wherein determining whether the request from the user computer includes a marker of active content includes examining only the second portion of the request. Instead, CERT-Advisory directs the readers' attention to the detailed solution (found in CERT) for preventing cross-site scripting attacks in response to receiving HTTP requests comprising malicious scripts.

CERT discloses the specifics for mitigating cross-site scripting attacks by evaluating the incoming data requests against a list of markers of active content that would indicate the presence of malicious scripts (CERT, page 1, par. 1, Problem Summary, pars. 2-3; page 2, Mitigation Summary; page 3, Identifying the Special Characters; pages 4 and 5, Filtering Dynamic Content).

It would have been obvious to one of ordinary skill in the art to combine the teachings of CERT with the teachings of CERT-Advisory. This would have been obvious because CERT-Advisory explicitly says to include the reference of CERT so as to successfully mitigate cross-site scripting attacks (CERT-Advisory, page 5, par. 6).

The combination of CERT-Advisory and CERT discloses refraining from executing any portion of the request if the request includes the marker of active content to dynamically render a response to the HTTP request if the input data includes a script construct (CERT-Advisory, pg. 1, "Overview"; pg. 2, "Malicious code sent inadvertently by a client for itself"; CERT, pg. 1, par. 1; pg. 2-4, "Mitigation Summary"). Herein, prior art discloses that if the input data includes a script construct, refusing to execute any HTTP request and thereby preventing the cross-site scripting attack if the input data includes a script construct. Malicious HTTP requests are not executed.

The combination does not disclose informing the user that a marker of active content from the list of active markers has been discovered in the request and requesting that the user computer resubmit a request and subsequently serving a response to the request resubmitted by the user computer.

Wheeler, in response to the problem of cross-site scripting attacks and building upon the prior art teachings of CERT (Wheeler, 4.10, 6.15, 6.15.1 - 6.15.2.1, 8.5), teaches that a system in practice may forbid markers of active content and send informative error messages to users who include them in requests. A system could notify the user of ways to correct such issues (Wheeler, 4.11.6, par. 2; 4.11.1; 4.11.3, par. 5; 4.12, par. 5).

It would have been obvious to one of ordinary skill in the art to employ the teachings of Wheeler along with the teachings of the combination of CERT and CERT-Advisory. This would have been obvious because one of ordinary skill in the art would have been motivated by the explicit suggestions found within the prior art when practically implementing a solution to mitigate malicious scripting attacks.

The examiner notes that the applicant adds the following recitation, which does not appear to be explicitly recited within the prior art combination. Namely, the combination does not appear to explicitly recite maintaining the list of active markers "at a server".

Sanin, however, discloses that a list of active markers should be maintained at a server (fig. 1: 102), thus allowing a server to continually protect itself with an updated list that reflects newly discovered types of web attacks (par. 16). Sanin discloses that his method of protection against cross site scripting attacks is an enhancement to the known prior art methods of request validation and/or encoding, as disclosed within the prior art combination (par. 14, 15). One of ordinary skill in the art would have been motivated to employ the teachings of Sanin within the combination, as one of ordinary skill in the art would have been motivated by Sanin's teachings of an enhancement.



Furthermore the combination enables:

refraining from serving a response to any portion of the request (Sanin, par. 38, 39; Wheeler, 4.11.6, par. 2; 4.11.1; 4.11.3, par. 5; 4.12, par. 5).

Regarding claim 8, it comprises substantially the same limitations as claim 1, and it is rejected, at least, for the same reasons.

Regarding claim 9, the combination discloses:

at least one of: receiving a query string that includes at least one query string variable; receiving a cookie; receiving one or more headers in the HTTP request; and receiving one or more form fields (CERT-Advisory, page 2, pars. 2-5; CERT, page 2, Mitigation Summary).

Regarding claim 10, the combination discloses:

at least one of: searching the HTTP request for one or more character combinations that correspond to a script construct; searching the HTTP request for an event that includes a script construct; searching server variables that derive input data from another source; and searching the HTTP request for an expression that includes a script construct (CERT, page 3, Identifying the Special Characters; page 4, Filtering Dynamic Content).



Regarding claim 11, the combination discloses:

searching the input data for a script construct (CERT, page 3, Identifying the Special Characters; page 4, Filtering Dynamic Content).

Regarding claim 12, the combination discloses:

searching for patterns associated with scripts (CERT, page 3, Identifying the Special Characters; page 4, Filtering Dynamic Content).

Regarding claim 14, the combination enables:

wherein preventing the cross-site scripting attack if the input data includes a script construct further comprises logging an event at the server computer (Wheeler, 8.1; 10.9; 10.11). Herein, the combination discloses that a server generates a detailed log of events regarding system successes and failures, in addition to sending a response back to the user regarding the event - such as why there was a failure.



Regarding claim 15, the combination enables:

encoding the user input including the script construct to render the script inert (CERT-Advisory, page 2, par. 1; page 5, pars. 3-6; CERT, page 3, Identifying the Special Characters; page 4, par. 2).

Regarding claim 16, the combination enables:

evaluating the HTTP request to determine if the input data includes a marker of active content (CERT, page 2, Mitigation Summary - particularly steps 2 and 4; page 3, Identifying the Special Characters).

Regarding claim 17, the combination enables:

determining if the marker of active content is within a particular element, wherein the marker of active content is harmful only when rendered within the particular element (CERT, page 2, Mitigation Summary - particularly steps 2 and 4 (identifying special characters, filtering specific characters in dynamic elements); page 3, Identifying the Special Characters).

Regarding claims 2 - 3, 5 - 7, 18 - 22, 24, and 25, they are method and method embodied on computer readable medium claims corresponding to the system claims 1 - 17, and they are rejected, at least, for the same reasons.

Regarding claim 4, the combination enables: evaluating only the second portion of the request that includes the data derived from an outside source (CERT, page 2, Mitigation Summary; Wheeler, sect. 4, par. 1, 12). The combination enables the need to evaluate data comprising untrusted input that could be transmitted in an HTTP request.

Regarding claim 26, the combination enables:

wherein determining if the request from the user computer includes a marker of active content comprises evaluating only user input fields of the request (CERT, page 2, Mitigation Summary; Wheeler, sect. 4, par. 1, 12). The combination enables the need to only evaluate data comprising untrusted input that could be transmitted in an HTTP request.

Regarding claim 27, the combination enables maintaining a "highly customizable" list of markers of active content (CERT, pg. 4, 5; Sanin, par. 16) including inactivating markers in the list of markers (Sanin, table 4).

Regarding claim 28, the combination enables:

wherein evaluating the HTTP request to determine if the input data includes a script construct comprises evaluating the HTTP request for an event (Wheeler, sect. 4.11.3, box of attack types). Herein, the combination teaches to test for events, such as 'onmouseover' events. It does not disclose onclick events, however, one of ordinary skill in the art would have recognized that 'onclick' events similarly introduce scripts such as 'onmouseover' events (applicant may refer to evidence such as W3C Recommendation, "Scripts") and would have been motivated to test for malicious constructs.

Regarding claim 29, the combination discloses:

wherein evaluating the HTTP request to determine if the input data includes a script construct comprises evaluating the HTTP request for an element size expression (Wheeler, sect. 4.11.3, box of attack types).

Response to Arguments

Applicant's arguments filed 8/15/07 have been fully considered but they are not persuasive.

Applicant essentially argues or asserts that:

(i) Applicant notes that when a rejection is made under 35 U.S.C. § 112, first paragraph, for failure to comply with the written description requirement, the burden is on the Examiner and the description is presumed to be adequate unless the Examiner provides sufficient evidence or reasoning to the contrary so as to rebut the presumption (M.P.E.P. § 2163.04). In the present case, the Examiner has clearly failed to meet such a burden.

Although not necessary, Applicant has amended the specification to clearly identify terms which were already expressly or implicitly disclosed in the specification. Applicant notes that the purpose of 37 C.F.R. 1.75(d)(1) and M.P.E.P. § 608.01(o) is to clarify claim terminology. The Office Action recites entire limitations and does not provide any guidance as to which, if any, claim terms are not understood by the Office.

On page 3 of the Office Action, the Examiner summarily rejects claims 1-12, 14-22 and 24-29. The only cited reasoning is that the Applicant has not pointed out where the new or amended claim is supported. The Examiner does not appear, however, to have considered whether the support is apparent, as required. Of equal significance, on page 10 of Applicant's last response (Amendment "C"), Applicant expressly pointed out where the amendments to the claims are supported in Applicant's original application. (Remarks, pg. 11, 12)

In response, the examiner respectfully notes that the examiner has indeed properly provided the applicant with the rejection made under 35 U.S.C. § 112. Furthermore, the examiner respectfully notes that the applicant may find it helpful to consider M.P.E.P. § 2163, 37 C.F.R. 1.75 and M.P.E.P. § 608.01.

First, rule § 1.75 clearly states: "The claim or claims must conform to the invention as set forth in the remainder of the specification and the terms and phrases used in the claims must find clear support or antecedent basis in the description." Also, section 608.01(o) of the M.P.E.P. clearly states: "New claims and amendments to the claims already in the application should be scrutinized not only for new matter but also for new terminology." The examiner respectfully notes that the purpose for 37 C.F.R. 1.75 and M.P.E.P. § 608.01 is not directed solely to claim terminology, but also to the subject matter. The issue of proper antecedent basis for the claimed subject matter was properly addressed by the examiner in the rejection.

Second, M.P.E.P. 2163 clearly states the guidelines applicable to establishing the adequacy of written description with regards to both originally filed claims and newly amended claims: "There is a strong presumption that an adequate written description of the claimed invention is present in the specification as filed, Wertheim, 541 F.2d at 262, 191 USPQ at 96; however, with respect to newly added or amended claims, applicant should show support in the original disclosure for the new or amended claims. See MPEP § 714.02 and § 2163.06 ("Applicant should * * * specifically point out the support for any amendments made to the disclosure.")"

M.P.E.P. 2163 clearly states: "When an amendment is filed in reply to an objection or rejection based on 35 U.S.C. 112, first paragraph, a study of the entire application is often necessary to determine whether or not "new matter" is involved. Applicant should therefore specifically point out the support for any amendments made to the disclosure."

The examiner respectfully points out that the applicant has failed to show the support for the various amendments made to the claims. It is noted that a general statement directing the examiner to review the applicant's specification fails to specifically point out the support for the claim amendments as required. It is also noted that the examiner, as part of the examination process, has carefully considered the applicant's disclosure. Thus, the examiner properly notes that the applicant has not pointed out where the new (or amended) claim is supported, nor does there appear to be a written description of the claim limitations in the application as filed (see above objection to the specification).

(ii) For example, among other things, the cited references fail to disclose or suggest wherein determining that a marker of active content exists includes examining only a second portion of data that includes all of the data derived from an outside source, as claimed in combination with the other claim elements. In other words, the cited references fail to disclose that when examining a request, the first portion of data (i.e., data which is not derived from an outside source) is not examined. (Remarks, pg. 13)

In response, the examiner points out that the prior art discloses examining data within an HTTP request, the HTTP request originating from outside of the server ("an outside source") (CERT-Advisory, page 1, Systems Affected, Overview; page 2, pars. 2-4). Thus the prior art meets the claim limitations of wherein determining whether the request from the user computer includes a marker of active content includes examining only the second portion of the request.

In response to applicant's argument that the references fail to show certain features of applicant's invention, it is noted that the features upon which applicant relies (i.e., the first portion of data (i.e., data which is not derived from an outside source) is not examined) are not recited in the rejected claim(s). Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:

See Notice of References Cited

A shortened statutory period for reply is set to expire 3 months (not less than 90 days) from the mailing date of this communication.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeffery Williams whose telephone number is (571) 272-7965. The examiner can normally be reached on 8:30-5:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone number for the organization where this application or proceeding is assigned is (703) 872-9306.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

J. Williams
AU: 2137